How to protect system from cloning?

L

Linuxcompu

Guest
Hello there,

I would like to protect a Linux system from cloning, I don't mind if the cloned hard drive works in the same computer, but I need to avoid it to work in other one, even if it uses exactly same mainboard model and rest of computer parts. I want the cloned system to get frozen or simply restart continously if it's used in another computer.

I found a thread in other forum that talks about a test of the NIC interface's MAC. It could be a good solution.

The issue is that I have no information at all about how to do it, nor the software to use. Of course, I would like it to be as "unbreakable" as possible.

Many regards in advance
 


This is a really good question. I would suggest using some kind of encryption and/or hardware verification. I do not know specifically how you would do this though.
 
Many thanks for your answer, DevynCJohnson, I really appreciate your time and interest.

The user must be able to use the computer, add new drives or even format hard drive using a tool in a usb drive if he needs. It's even desirable (althought not 100% needed) that user can make a backup of the system disk via cloning, and restoring it when needed. BUT I don't want the user to clone disk and use the operative system and all configurations and programs in a different machine, since it's intended to be used only on this computer (I hope that my explanation is ok, hehe)

I know that there is no infallible method for this, but I'm also sure there is some way. It's better having a security method that can be skipped to have no security method at all. If I add some kind of protection, at least the user will have to make some research.

I've been reading something about hostid, and if I can tie the operative system to something depending on hardware, it is an important "first step".

Many thanks again, I hope someone can lend me a hand, at least giving some idea or guideline.

Regards
 
Linuxcompu said:
Many thanks for your answer, DevynCJohnson, I really appreciate your time and interest.

The user must be able to use the computer, add new drives or even format hard drive using a tool in a usb drive if he needs. It's even desirable (althought not 100% needed) that user can make a backup of the system disk via cloning, and restoring it when needed. BUT I don't want the user to clone disk and use the operative system and all configurations and programs in a different machine, since it's intended to be used only on this computer (I hope that my explanation is ok, hehe)

I know that there is no infallible method for this, but I'm also sure there is some way. It's better having a security method that can be skipped to have no security method at all. If I add some kind of protection, at least the user will have to make some research.

I've been reading something about hostid, and if I can tie the operative system to something depending on hardware, it is an important "first step".

Many thanks again, I hope someone can lend me a hand, at least giving some idea or guideline.

Regards
Click to expand...

Make a script that runs on the start of all of the runlevels (except shutdown) that will verify the mac-address, hostname, or or some other data. If the check fails, shutdown the system.
 
Many thanks again, DevynCJohnson,

I'd really appreciate if you could give me some guideline for this, I think it's the best solution.

Regards
 
Linuxcompu said:
Many thanks again, DevynCJohnson,

I'd really appreciate if you could give me some guideline for this, I think it's the best solution.

Regards
Click to expand...

This may offer some help - http://www.linux.org/threads/scripting-command-line-reading-guide.6029/

To get the mac address via shell script -
http://stackoverflow.com/questions/245916/best-way-to-extract-mac-address-from-ifconfig-output

http://stackoverflow.com/questions/...ss-as-a-variable-in-linux-but-it-rarely-works

http://ariandy1.wordpress.com/2012/03/29/getting-ip-and-mac-address-from-bashshell-script/


You would test that the current mac address matches the value that the machine is expected to have. (update you script when you replace the network cards)


To run the script at startup -
http://en.kioskea.net/faq/3348-ubuntu-executing-a-script-at-startup-and-shutdown

http://askubuntu.com/questions/814/how-to-run-scripts-on-start-up

http://stackoverflow.com/questions/12973777/how-to-run-a-shell-script-at-startup
 
DevynCJohnson said:
Make a script that runs on the start of all of the runlevels (except shutdown) that will verify the mac-address, hostname, or or some other data. If the check fails, shutdown the system.
Click to expand...
I just want to give my two cents.
Sorry to disappoint, but here's a Wikipedia article on MAC spoofing. You may want to use more than one method to prevent cloning, or else this kind of restriction may be bypassed if the user finds out about MAC spoofing, and decides to implement it.
Unfortunately, MAC spoofing, according to the link above, is not too difficult to achieve.
 
jerz4lunch said:
I just want to give my two cents.
Sorry to disappoint, but here's a Wikipedia article on MAC spoofing. You may want to use more than one method to prevent cloning, or else this kind of restriction may be bypassed if the user finds out about MAC spoofing, and decides to implement it.
Unfortunately, MAC spoofing, according to the link above, is not too difficult to achieve.
Click to expand...

@jerz4lunch Thanks for the info.


@Linuxcompu , as you can see, you would need to make a script/program that checks various data. Storage encryption may be an option to consider.
 
Well the solutions discussed over here are really worthy. Thanks alot
 
You must log in or register to reply here.

Members online

Total: 696 (members: 3, guests: 693)

Latest posts

Top